main commit

2025-10-16 16:30:25 +09:00
parent 91c7e04474
commit 537e7b363f
1146 changed files with 45926 additions and 77196 deletions
--- a/venv/lib/python3.12/site-packages/jwt/utils.py
+++ b/venv/lib/python3.12/site-packages/jwt/utils.py
@@ -1,7 +1,7 @@
 import base64
 import binascii
 import re
-from typing import Optional, Union
+from typing import Union

 try:
    from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurve
@@ -37,11 +37,11 @@ def base64url_encode(input: bytes) -> bytes:
    return base64.urlsafe_b64encode(input).replace(b"=", b"")


-def to_base64url_uint(val: int, *, bit_length: Optional[int] = None) -> bytes:
+def to_base64url_uint(val: int) -> bytes:
    if val < 0:
        raise ValueError("Must be a positive integer")

-    int_bytes = bytes_from_int(val, bit_length=bit_length)
+    int_bytes = bytes_from_int(val)

    if len(int_bytes) == 0:
        int_bytes = b"\x00"
@@ -63,10 +63,13 @@ def bytes_to_number(string: bytes) -> int:
    return int(binascii.b2a_hex(string), 16)


-def bytes_from_int(val: int, *, bit_length: Optional[int] = None) -> bytes:
-    if bit_length is None:
-        bit_length = val.bit_length()
-    byte_length = (bit_length + 7) // 8
+def bytes_from_int(val: int) -> bytes:
+    remaining = val
+    byte_length = 0
+
+    while remaining != 0:
+        remaining >>= 8
+        byte_length += 1

    return val.to_bytes(byte_length, "big", signed=False)

@@ -128,15 +131,26 @@ def is_pem_format(key: bytes) -> bool:


 # Based on https://github.com/pyca/cryptography/blob/bcb70852d577b3f490f015378c75cba74986297b/src/cryptography/hazmat/primitives/serialization/ssh.py#L40-L46
-_SSH_KEY_FORMATS = (
+_CERT_SUFFIX = b"-cert-v01@openssh.com"
+_SSH_PUBKEY_RC = re.compile(rb"\A(\S+)[ \t]+(\S+)")
+_SSH_KEY_FORMATS = [
    b"ssh-ed25519",
    b"ssh-rsa",
    b"ssh-dss",
    b"ecdsa-sha2-nistp256",
    b"ecdsa-sha2-nistp384",
    b"ecdsa-sha2-nistp521",
-)
+]


 def is_ssh_key(key: bytes) -> bool:
-    return key.startswith(_SSH_KEY_FORMATS)
+    if any(string_value in key for string_value in _SSH_KEY_FORMATS):
+        return True
+
+    ssh_pubkey_match = _SSH_PUBKEY_RC.match(key)
+    if ssh_pubkey_match:
+        key_type = ssh_pubkey_match.group(1)
+        if _CERT_SUFFIX == key_type[-len(_CERT_SUFFIX) :]:
+            return True
+
+    return False